-
Notifications
You must be signed in to change notification settings - Fork 51
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add boost like messaging system for members #522
Comments
Memberful has oauth 2.0 api that makes it possible to authenticate members without storing their credentials. For this particular use case I think it would be reasonable to have a backend server that will handle the authorization code flow and provide users with up to date list of episodes based on podping or rss. This server would be able to send the notifications about the messages to some convenient channel ie. matrix jb private matrix channel. A 5$ linode should eat this kind of traffic for breakfast. If the JB finds it useful I'd be happy to implement it or support someone 👍 |
Just to add a few more things to help guide/comment for whoever takes this on:
|
BTW, while I love that we're planning on self-hosting as much as we can. I also (as a security person 🙃) want to make sure we're going to implement it correctly 😅 For example, this is a video that demonstrates how to self-host Oauth for a NetlifyCMS + GitHub authorization. So where possible I'd urge the person who works on this to ensure they use a 3rd party library for handling Oauth. I typically never recommend people rolling their own authentication, as that's a non-trivial task 😅 So, again I'm not discouraging us from doing this, but let's not try to reinvent the wheel, make sure it's thoroughly reviewed, and try to prevent introducing a vulnerability 🙂 |
I avoid writing anything more complex than a script without a strong static type system. I feel the most productive in rust but I'd be happy to assist/review someone who wants to tackle this problem in python (if you decide to stick to python for obvious reasons). Regarding security I also don't suggest writing anything new and off the shelf. Additionally in this case, there wouldn't be anything critical guarded by those tokens anyway apart from HTTP endpoint that sends a message. It might be a personal opinion but it seems that having a single server would be far easier to manage and understand than on-edge workers. Especially if you decide to add some state like rate limiting or caching the list of possible episodes to link the boost message against. You can stick it in a local sqllite file and call it a day 👍 |
Just to list all possible options, Memberful has native Discord integration, so a members-only Discord server could be an option. I know JB and the community prefers Matrix as their chat platform, so this is probably not an ideal solution in terms of community adoption. |
Feature Description
It would have been awesome to be able to send boost messages as a
member. It would have enabled members to be more involved in shows.
The conversation around this topic has come multiple times in matrix:
Acceptance criteria:
with memberful API
related to
content on the website
Reference to Feature
No response
The text was updated successfully, but these errors were encountered: